package org.arain.spring.captive.portal.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;


@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

//	@Autowired
//	private MyDisableUrlSessionFilter myDisableUrlSessionFilter;

	@Override
	protected void configure(HttpSecurity http) throws Exception {
//		http.addFilterBefore(myDisableUrlSessionFilter,UsernamePasswordAuthenticationFilter.class);
		http.csrf().disable().authorizeRequests().anyRequest().permitAll().and().logout().permitAll();
		
	}
	
	@Override
	public void configure(WebSecurity web) throws Exception {
	    super.configure(web);
	    web.httpFirewall(allowUrlEncodedSlashHttpFirewall());
	}
	
	@Bean
	public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
	    StrictHttpFirewall firewall = new StrictHttpFirewall();
	    firewall.setAllowUrlEncodedSlash(true);    
	    firewall.setAllowUrlEncodedDoubleSlash(true);
	    return firewall;
	}
}